Question No: 71 – (Topic 1)

After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high number of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?

A. Reduce the power level of the AP on the network segment

B. Implement MAC filtering on the AP of the affected segment

C. Perform a site survey to see what has changed on the segment

D. Change the WPA2 encryption key of the AP in the affected segment

Answer: A

Explanation:

Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.

Question No: 72 – (Topic 1)

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.

Given the above information, which of the following can be inferred about the above environment?

A. 192.168.1.30 is a web server.

B. The web server listens on a non-standard port.

C. The router filters port 80 traffic.

D. The router implements NAT.

Answer: D

Explanation:

Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider.

Question No: 73 – (Topic 1)

A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?

A. Host-based firewall

B. IDS

C. IPS

D. Honeypot

Answer: B

Explanation:

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies.

IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.

Question No: 74 – (Topic 1)

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

A. Implicit deny

B. VLAN management

C. Port security

D. Access control lists

Answer: D

Explanation:

In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server.

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

Question No: 75 – (Topic 1)

A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).

A. IPv6

B. SFTP

C. IPSec

D. SSH

E. IPv4

Answer: A,C

Explanation:

Telnet supports IPv6 connections.

IPv6 is the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is a compulsory component for IPv6.

Question No: 76 – (Topic 1)

A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

A. DMZ

B. Cloud computing

C. VLAN

D. Virtualization

Answer: A

Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 77 – (Topic 1)

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.

Which of the following should the administrator implement?

A. WPA2 over EAP-TTLS

B. WPA-PSK

C. WPA2 with WPS

D. WEP over EAP-PEAP

Answer: D

Explanation:

D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/WPA2 standard are EAP-TLS, EAP-PSK, EAP-MD5, as well as LEAP and PEAP.

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and using server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted, and user credentials are safe from eavesdropping.

Question No: 78 – (Topic 1)

Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?

A. WPA2-Enterprise wireless network

B. DNS secondary zones

C. Digital certificates

D. Intrusion detection system

Answer: A

Explanation:

WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server.

Question No: 79 – (Topic 1)

Multi-tenancy is a concept found in which of the following?

A. Full disk encryption

B. Removable media

C. Cloud computing

D. Data loss prevention

Answer: C

Explanation:

One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

Question No: 80 – (Topic 1)

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?

A. IV attack

B. WEP cracking

C. WPA cracking

D. Rogue AP

Answer: C

Explanation:

There are three steps to penetrating a WPA-protected network. Sniffing